Skip to content

Commit

Permalink
Use escapeTextForBrowser to encode dynamic strings
Browse files Browse the repository at this point in the history 
We can now use local dependencies
  • Loading branch information
@sebmarkbage
sebmarkbage committed Mar 13, 2021
1 parent d8d48f7 commit bbcf4d1
Showing 1 changed file with 3 additions and 4 deletions.
7 changes: 3 additions & 4 deletions packages/react-dom/src/server/ReactDOMServerFormatConfig.js
View file
Original file line number Diff line number Diff line change
Expand Up @@ -14,6 +14,7 @@ import {
convertStringToBuffer,
} from 'react-server/src/ReactServerStreamConfig';

import escapeTextForBrowser from './escapeTextForBrowser';
import invariant from 'shared/invariant';

// Per response,
Expand Down Expand Up @@ -46,13 +47,11 @@ export function createSuspenseBoundaryID(
}

function encodeHTMLIDAttribute(value: string): string {
// TODO: This needs to be encoded for security purposes.
return value;
return escapeTextForBrowser(value);
}

function encodeHTMLTextNode(text: string): string {
// TOOD: This needs to be encoded for security purposes.
return text;
return escapeTextForBrowser(text);
}

export function pushTextInstance(
Expand Down

0 comments on commit bbcf4d1

Please sign in to comment.